CVE-2025-21139

CVE-2025-21139

Título es
CVE-2025-21139

Mar, 14/01/2025 – 20:15

Tipo
CWE-122

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-21139

Descripción en
Substance3D – Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

14/01/2025
14/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-06.html

    • Enviar en el boletín
    Off

    CVE-2025-21138

    CVE-2025-21138

    Título es
    CVE-2025-21138

    Mar, 14/01/2025 – 20:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21138

    Descripción en
    Substance3D – Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-06.html

    • Enviar en el boletín
    Off

    CVE-2025-21137

    CVE-2025-21137

    Título es
    CVE-2025-21137

    Mar, 14/01/2025 – 20:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21137

    Descripción en
    Substance3D – Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-06.html

    • Enviar en el boletín
    Off

    CVE-2025-21136

    CVE-2025-21136

    Título es
    CVE-2025-21136

    Mar, 14/01/2025 – 20:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21136

    Descripción en
    Substance3D – Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-06.html

    • Enviar en el boletín
    Off

    CVE-2025-23019

    CVE-2025-23019

    Título es
    CVE-2025-23019

    Mar, 14/01/2025 – 20:15

    Tipo
    CWE-940

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23019

    Descripción en
    IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://datatracker.ietf.org/doc/html/rfc4213

  • https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf

  • https://www.top10vpn.com/research/tunneling-protocol-vulnerability/

    • Enviar en el boletín
    Off

    CVE-2025-23018

    CVE-2025-23018

    Título es
    CVE-2025-23018

    Mar, 14/01/2025 – 20:15

    Tipo
    CWE-940

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23018

    Descripción en
    IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://datatracker.ietf.org/doc/html/rfc2473

  • https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf

  • https://www.top10vpn.com/research/tunneling-protocol-vulnerability/

    • Enviar en el boletín
    Off

    CVE-2025-21251

    CVE-2025-21251

    Título es
    CVE-2025-21251

    Mar, 14/01/2025 – 18:15

    Tipo
    CWE-400

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21251

    Descripción en
    Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21251

    • Enviar en el boletín
    Off

    CVE-2025-21250

    CVE-2025-21250

    Título es
    CVE-2025-21250

    Mar, 14/01/2025 – 18:15

    Tipo
    CWE-122

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21250

    Descripción en
    Windows Telephony Service Remote Code Execution Vulnerability

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250

    • Enviar en el boletín
    Off

    CVE-2025-21249

    CVE-2025-21249

    Título es
    CVE-2025-21249

    Mar, 14/01/2025 – 18:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21249

    Descripción en
    Windows Digital Media Elevation of Privilege Vulnerability

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.60

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21249

    • Enviar en el boletín
    Off

    CVE-2025-21257

    CVE-2025-21257

    Título es
    CVE-2025-21257

    Mar, 14/01/2025 – 18:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-21257

    Descripción en
    Windows WLAN AutoConfig Service Information Disclosure Vulnerability

    14/01/2025
    14/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21257

    • Enviar en el boletín
    Off